EXPLORE
Sign In
← Back to Explore
T1204.004

Malicious Copy and Paste

An adversary may rely upon a user copying and pasting code in order to gain execution. Users may be subjected to social engineering to get them to copy and paste code directly into a [Command and Scripting Interpreter](https://attack.mitre.org/techniques/T1059). One such strategy is "ClickFix," in which adversaries present users with seemingly helpful solutions—such as prompts to fix errors or complete CAPTCHAs—that instead instruct the user to copy and paste malicious code. Malicious websites,...

LinuxmacOSWindows
8
Detections
2
Sources
1
Threat Actors

BY SOURCE

6sigma2elastic

PROCEDURES (7)

Registry2 detections

Auto-extracted: 2 detections for registry

Download1 detections

Auto-extracted: 1 detections for download

Powershell1 detections

Auto-extracted: 1 detections for powershell

Registry Monitoring1 detections

Auto-extracted: 1 detections for registry monitoring

Suspicious1 detections

Auto-extracted: 1 detections for suspicious

Download1 detections

Auto-extracted: 1 detections for download

Powershell1 detections

Auto-extracted: 1 detections for powershell

THREAT ACTORS (1)

Contagious Interview

DETECTIONS (8)

FileFix - Command Evidence in TypedPaths
sigmahigh
Potential Execution via FileFix Phishing Attack
elastichigh
Potential Fake CAPTCHA Phishing Attack
elastichigh
Suspicious ClickFix/FileFix Execution Pattern
sigmahigh
Suspicious Explorer Process with Whitespace Padding - ClickFix/FileFix
sigmahigh
Suspicious FileFix Execution Pattern
sigmahigh
Suspicious Space Characters in RunMRU Registry Path - ClickFix
sigmahigh
Suspicious Space Characters in TypedPaths Registry Path - FileFix
sigmahigh